Amazon::Credentials (Perl): Obfuscation Keys Generated from Predictable Randomness
Vulnerability
The Amazon::Credentials Perl module, in versions through 1.2.0, derives the key it uses to obfuscate AWS credentials from Perl's rand function. rand is a general-purpose pseudo-random number generator and is documented as not cryptographically secure: its output is fully determined by a small seed, so a key built from it has no more entropy than that seed and can be reproduced by anyone who can enumerate the seed space. The obfuscation exists so that credentials held by the module are not exposed in plaintext if the object is dumped (for example in a debug output or crash dump). Prior to version 1.3.0 the module encrypted the secrets with a 64-bit key derived from rand, so the nominal 64-bit key offers far less protection than its length suggests and the obfuscated credentials can be decrypted without any key material.
Impact
An attacker who obtains the obfuscated credentials (for example from a data dump of the object) can predict or brute-force the rand-derived key and decrypt them, recovering the AWS access key and secret. The obfuscation therefore gives no meaningful protection against the exposure it was meant to prevent.
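The following added example (not code from Amazon::Credentials or its author) shows why a key derived from a seeded, non-cryptographic PRNG is recoverable from the obfuscated data alone, and what the hardened form looks like. Python's random.Random stands in for Perl's rand; the 16-bit seed width, the repeating-key XOR used as the obfuscation step, the 0xBEEF victim seed and the attacker's "looks like an AWS access key ID" filter are all assumptions chosen for illustration. The sample credential is AWS's documented placeholder, not a real key.

```python
"""Recovering a PRNG-derived obfuscation key by enumerating the seed space.

Added illustration, not the module's own code. random.Random stands in for
Perl's rand(); seed width and cipher are assumptions chosen to keep the
search fast while preserving the structure of the weakness.
"""
import random
import re
import secrets
from itertools import cycle
from typing import Optional

KEY_BYTES = 8          # the advisory describes a 64-bit key
SEED_BITS = 16         # assumed toy seed width; a 32-bit seed is still an offline job

# Constructed sample: AWS's documented placeholder access key ID, not a real credential.
SAMPLE_ACCESS_KEY_ID = b"AKIAIOSFODNN7EXAMPLE"
# Shape of an AWS access key ID: "AKIA" plus 16 upper-case alphanumerics.
ACCESS_KEY_ID_SHAPE = re.compile(rb"^AKIA[A-Z0-9]{16}$")


def key_from_prng(seed: int) -> bytes:
    """Vulnerable pattern: 64-bit key built from a non-cryptographic PRNG.

    Whatever the generator, the key carries no more entropy than its seed:
    anyone who can enumerate the seeds can regenerate every possible key.
    """
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(KEY_BYTES))


def key_from_os() -> bytes:
    """Hardened pattern: draw the key bytes from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def xor_obfuscate(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, assumed here as the obfuscation step; it is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes) -> Optional[bytes]:
    """Attacker side: only the obfuscated bytes from a data dump, no key material.

    Enumerate every seed, rebuild the candidate key exactly as the victim did,
    and keep the one whose decryption has the shape of an access key ID. A
    random wrong key passes that 20-character check with probability around
    2**-77, so false matches across 2**SEED_BITS seeds are not a concern.
    """
    for seed in range(1 << SEED_BITS):
        candidate = key_from_prng(seed)
        if ACCESS_KEY_ID_SHAPE.match(xor_obfuscate(ciphertext, candidate)):
            return candidate
    return None


def run_demo(victim_seed: int = 0xBEEF) -> dict:
    """Victim obfuscates with a PRNG-derived key; attacker recovers it from ciphertext alone."""
    weak_key = key_from_prng(victim_seed)          # assumed victim seed, for determinism
    ciphertext = xor_obfuscate(SAMPLE_ACCESS_KEY_ID, weak_key)
    recovered = recover_key(ciphertext)
    return {
        "weak_key": weak_key,
        "recovered_key": recovered,
        "decrypted": xor_obfuscate(ciphertext, recovered) if recovered else None,
    }


if __name__ == "__main__":
    result = run_demo()
    print("weak key     :", result["weak_key"].hex())
    print("recovered key:", result["recovered_key"].hex())
    print("plaintext    :", result["decrypted"].decode())
    print("os key       :", key_from_os().hex(), "(no seed to enumerate)")
```

The attacker never touches the key: the search regenerates candidate keys the same way the victim did and uses the known structure of the plaintext as the oracle. Widening the seed only raises the cost of the loop, it does not change its nature; the fix is to take the key from a cryptographically secure source so there is no seed to enumerate.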
Remediation
Upgrade to Amazon::Credentials version 1.3.0 or later, which no longer derives the obfuscation key from rand. Because the obfuscation in earlier versions gave little real protection, treat credentials that appeared in any dump or log produced by a vulnerable version as potentially exposed and rotate them.
